{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-52424", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-13T15:46:59.936Z", "datePublished": "2024-05-17T20:28:13.039Z", "dateReserved": "2024-02-04T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-17T20:28:13.377Z"}, "descriptions": [{"lang": "en", "value": "The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an \"SSID Confusion\" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.wi-fi.org/news-events/press-releases"}, {"url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx"}, {"url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid/"}, {"url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.852Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wi-fi.org/news-events/press-releases", "tags": ["x_transferred"]}, {"url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx", "tags": ["x_transferred"]}, {"url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid/", "tags": ["x_transferred"]}, {"url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-304", "lang": "en", "description": "CWE-304 Missing Critical Step in Authentication"}]}], "affected": [{"vendor": "ieee", "product": "802.11_wireless_protocol", "cpes": ["cpe:2.3:a:ieee:802.11_wireless_protocol:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-29T19:16:02.554982Z", "id": "CVE-2023-52424", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T19:27:35.398Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wi-fi.org/news-events/press-releases", "tags": ["x_transferred"]}, {"url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx", "tags": ["x_transferred"]}, {"url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid/", "tags": ["x_transferred"]}, {"url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:55:41.852Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52424", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-29T19:16:02.554982Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ieee:802.11_wireless_protocol:*:*:*:*:*:*:*:*"], "vendor": "ieee", "product": "802.11_wireless_protocol", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-304", "description": "CWE-304 Missing Critical Step in Authentication"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T19:18:51.822Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.wi-fi.org/news-events/press-releases"}, {"url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx"}, {"url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid/"}, {"url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf"}], "descriptions": [{"lang": "en", "value": "The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an \"SSID Confusion\" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-17T20:28:13.377Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52424", "state": "PUBLISHED", "dateUpdated": "2025-02-13T15:46:59.936Z", "dateReserved": "2024-02-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-17T20:28:13.039Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an \"SSID Confusion\" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake."}, {"lang": "es", "value": "El est\u00e1ndar IEEE 802.11 a veces permite a un adversario enga\u00f1ar a una v\u00edctima para que se conecte a una red no deseada o no confiable con Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE o FILS, tambi\u00e9n conocido como un problema de \"confusi\u00f3n de SSID\". Esto ocurre porque el SSID no siempre se utiliza para derivar la clave maestra por pares o las claves de sesi\u00f3n, y porque no existe un intercambio protegido de un SSID durante un protocolo de enlace de 4 v\u00edas."}], "id": "CVE-2023-52424", "lastModified": "2024-11-21T08:39:43.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-17T21:15:07.910", "references": [{"source": "cve@mitre.org", "url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx"}, {"source": "cve@mitre.org", "url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf"}, {"source": "cve@mitre.org", "url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid/"}, {"source": "cve@mitre.org", "url": "https://www.wi-fi.org/news-events/press-releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.top10vpn.com/research/wifi-vulnerability-ssid/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wi-fi.org/news-events/press-releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-304"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "802.11: SSID Confusion attack", "id": "2282013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282013"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-304", "details": ["The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an \"SSID Confusion\" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.", "A flaw was found in the IEEE 802.11 standard. This vulnerability possibly allows an adversary to trick a victim into connecting to an unintended or untrusted network because the SSID is not always used to derive the pairwise master key or session keys and because there is not a protected exchange of an SSID during a 4-way handshake."], "mitigation": {"lang": "en:us", "value": "Avoid Credential Reuse: One of the key recommendations is to avoid reusing credentials across different SSIDs. Each network should have unique credentials to prevent attackers from easily setting up rogue networks with matching authentication details."}, "name": "CVE-2023-52424", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "hostapd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "hostapd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52424\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52424\nhttps://www.top10vpn.com/research/wifi-vulnerability-ssid/"], "statement": "This vulnerability affects networks using the WEP, WPA3 SAE-loop, 802.1x/EAP, FILS, and Mesh AMPE authentication protocols, arising from a design flaw in the WiFi standard IEEE 802.11 allows attackers to trick victims into connecting to less secure networks and intercept their traffic. This significantly impacts Confidentiality, as sensitive data can be intercepted. Integrity is compromised because attackers can alter intercepted data. Availability is also affected, as the attack exploits the auto-disconnect feature in certain VPN clients, causing the VPN to disable when the device connects to a predefined \u201ctrusted\u201d WiFi network, leaving the user unprotected. The impact is Moderate, because of the attack limitations: credentials of the valid WiFi network and malicious one suppose to be the same.", "threat_severity": "Moderate"}